CA Technologies Support is alerting customers to two potential risks in CA IdentityMinder (formerly known as CA Identity Manager). Two vulnerabilities exist that can allow a remote attacker to execute arbitrary commands, manipulate data, or gain elevated access. CA Technologies has issued patches to address the vulnerability. The first vulnerability allows a remote attacker to execute arbitrary commands or manipulate data. The second vulnerability allows a remote attacker to gain elevated access.
00c833f0f4bdb71ad9ab62c3e72c38e46850fe381f35445ff8191b02cd7c4a9cSonicWALL GMS/VIEWPOINT version 6.x and Analyzer version 7.x remote root/SYSTEM exploit.
c67e6d05a8d585f1484b8a0f270568483e1cd3458d88448b2156427211649cd6Novell NCP implementation in NetIQ eDirectory version 8.8.7.x before 8.8.7.2 pre-authentication remote root stack-based buffer overflow exploit that spawns a shell on port 5074.
32c040998e1527dec35f813c9b889b9b37755382c5ac1113f101e0a818d4b951Linksys WRT54GL version 1.1 suffers from remote OS command injection and cross site scripting vulnerabilities.
c747a4881fe6f7e8e70cf9b1b6b621bdf6fad806004ab724ba2805579af13185Axway Email Firewall versions 6.3.2 build 4230 suffers from a username disclosure vulnerability due to reacting differently based on whether or not a username exists.
2b8b056b1eb439ab42465437715430bc1413a130cad90c832f320ecbac66b105This is an exploit for a stack buffer overflow in the NVidia Display Driver Service. The service listens on a named pipe (\\pipe\\nsvr) which has a NULL DACL configured, which should mean that any logged on user or remote user in a domain context (Windows firewall/file sharing permitting) should be able to exploit this vulnerability. This is updated by Sean de Regge to target the 30 Aug 2012 nvvsvc.exe build.
824e71b2ccad1dc6738764ed7ad37c509efaedb2901fd0a0583430d31a361995Secunia Security Advisory - Gjoko Krstic has discovered a weakness and multiple vulnerabilities in phlyMail Lite, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct spoofing attacks.
2bbff7c6ee401b6ff396f74ef224d1871828985ddda7209c15efb8c39b113fb6Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
155066d301952e014312216740124a61e1fa5fe1c62fa4a3199c72dd9613f96dSecunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the Paradox database stream filter (vspdx.dll) when processing the field names and can be exploited to cause a heap-based buffer overflow via a specially crafted "number of fields" value in the table header. Oracle Outside In SDK version 8.3.7 (w/ patch 14153713) is affected.
56fa0dec02fefe39d056fd79fe61eb9e26cdf4acaa109e6e081b8297ad7a6901Secunia Security Advisory - Multiple vulnerabilities have been reported in BigAnt Messenger, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to compromise a vulnerable system.
23d2c9eec8e83e65b0b7a7a95d5a5651c55d8422eb2ae158af6e4ced7d349321Ubuntu Security Notice 1700-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
4b711a1032c43404c0e37835be4261d9e099772127d146641dec44e28a1e8401Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
687042fa4ab0bc5a02a2c70b0b7e6b8686300af27bfbfb1cd462363743666e67Secunia Security Advisory - Ubuntu has issued an update for rpm. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.
4d8cbcbf1b83ddb1393950e99c2f4e6c5284b20f62b757d951285e7e2b3d23c5Secunia Security Advisory - Jakub Galczyk has discovered a vulnerability in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks.
78b18535475f3dc145c51981870584a80e369402bc1bf185278792d658a05152Ubuntu Security Notice 1699-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.
2904161141f71136657aa5feccfaf06d5562a735552e35829baa201b02b6a654Secunia Research has discovered a vulnerability in Oracle Outside In Technology, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the Paradox database stream filter (vspdx.dll) when processing the field type within a field description array and can be exploited to reference unallocated memory via an unsupported type value (e.g. 14). Oracle Outside In SDK version 8.3.7 (w/ patch 14153713) is affected.
64eb02f84a8c1969ec2858048292fa533a3119e377c598fc40cfe05b33a023ceSonicWALL GMS/Viewpoint/Analyzer suffers from an authentication bypass vulnerability.
a7cdf9ef5dde0b877ce946cd1289e5066843249e2b56404241fd4a4fba9a3e72Ubuntu Security Notice 1696-1 - Jon Howell reported a flaw in the Linux kernel's KVM (Kernel-based virtual machine) subsystem's handling of the XSAVE CPU feature. On hosts without the XSAVE CPU feature, using qemu userspace, an unprivileged local attacker could exploit this flaw to crash the system. A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Various other issues were also addressed.
c1b420569ebc8959d5320509d874c3ac3e68c8ce3904aad9c1f4621cbb321abfUbuntu Security Notice 1698-1 - A flaw was discovered in the Linux kernel's handling of script execution when module loading is enabled. A local attacker could exploit this flaw to cause a leak of kernel stack contents. Florian Weimer discovered that hypervkvpd, which is distributed in the Linux kernel, was not correctly validating source addresses of netlink packets. An untrusted local user can cause a denial of service by causing hypervkvpd to exit. Various other issues were also addressed.
5867502571fddea90398a56293a3dbe716d40185c1b280e5c8f3f22987a5cd52Ubuntu Security Notice 1695-1 - It was discovered that RPM incorrectly handled certain package headers. If a user or automated system were tricked into installing a specially crafted RPM package, an attacker could cause RPM to crash, resulting in a denial of service, or possibly execute arbitrary code.
6ed9935c9f025dd952fa66e4029346a68a2ebc1e3fc480dae4564c72c2376d6bUbuntu Security Notice 1694-1 - It was discovered that RPM incorrectly handled signature checking. An attacker could create a specially-crafted rpm with an invalid signature which could pass the signature validation check.
a362b3083a5e20e567073e4ad29f1b2bd46a93b1d82107fd78a0d0906a0090d5Secunia Security Advisory - A vulnerability has been reported in Atheme, which can be exploited by malicious people to cause a DoS (Denial of Service).
04f5287d9590eb7eeb042d9999d725c1e6577e56316380621ae8a416b67a718bSecunia Security Advisory - A security issue has been reported in bcron, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
953fa8c7bdaf72e0497c89f8a6493340944d0e339f08fb4f52fd7c83dc9b594fSecunia Security Advisory - Nikolas Sotiriu has reported two vulnerabilities in multiple SonicWALL products, which can be exploited by malicious people to bypass certain security restrictions.
17b155a09a3005874f9dbff2f0215bed4752e68ccdfc4df9a7f41933bf5b50f9Secunia Security Advisory - Francis Provencher has discovered a vulnerability in Cool PDF Reader, which can be exploited by malicious people to compromise a user's system.
529769a53e2e1e757cb5530f86758fba4d122b3e6a581d38c27fdc015c14ee3d
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed